Model Overview: Difference between revisions
No edit summary |
No edit summary |
||
Line 61: | Line 61: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.7''' | |'''AC.L2-3.1.7''' | ||
''Privileged Functions'' | ''Privileged Functions'' | ||
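Review bot: the only new line in this hunk is an empty `|` cell inserted after `|-` and ahead of `'''AC.L2-3.1.7'''`, and the revision carries no edit summary explaining it. If the intent is to move the Level 2 practice out of the first column, say so in the summary. The same one-line insertion recurs in each later hunk, so confirm that every row ends up with the same number of cells as the three-column header.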
Line 68: | Line 69: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.8''' | |'''AC.L2-3.1.8''' | ||
''Unsuccessful Logon Attempts'' | ''Unsuccessful Logon Attempts'' | ||
Line 75: | Line 77: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.9''' | |'''AC.L2-3.1.9''' | ||
''Privacy & Security Notices'' | ''Privacy & Security Notices'' | ||
Line 82: | Line 85: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.10''' | |'''AC.L2-3.1.10''' | ||
''Session Lock'' | ''Session Lock'' | ||
Line 91: | Line 95: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.11''' | |'''AC.L2-3.1.11''' | ||
''Session Termination'' | ''Session Termination'' | ||
Line 98: | Line 103: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.12''' | |'''AC.L2-3.1.12''' | ||
''Control Remote Access'' | ''Control Remote Access'' | ||
Line 105: | Line 111: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.13''' | |'''AC.L2-3.1.13''' | ||
''Remote Access Confidentiality'' | ''Remote Access Confidentiality'' | ||
Line 112: | Line 119: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.14''' | |'''AC.L2-3.1.14''' | ||
''Remote Access Routing'' | ''Remote Access Routing'' | ||
Line 120: | Line 128: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.15''' | |'''AC.L2-3.1.15''' | ||
''Privileged Remote Access'' | ''Privileged Remote Access'' | ||
Line 127: | Line 136: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.16''' | |'''AC.L2-3.1.16''' | ||
''Wireless Access Authorization'' | ''Wireless Access Authorization'' | ||
Line 135: | Line 145: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.17''' | |'''AC.L2-3.1.17''' | ||
''Wireless Access Protection'' | ''Wireless Access Protection'' | ||
Line 142: | Line 153: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.18''' | |'''AC.L2-3.1.18''' | ||
''Mobile Device Connection'' | ''Mobile Device Connection'' | ||
Line 149: | Line 161: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.19''' | |'''AC.L2-3.1.19''' | ||
''Encrypt CUI on Mobile'' | ''Encrypt CUI on Mobile'' | ||
Line 156: | Line 169: | ||
| | | | ||
|- | |- | ||
| | |||
|'''AC.L2-3.1.21''' | |'''AC.L2-3.1.21''' | ||
''Portable Storage Use'' | ''Portable Storage Use'' |
Revision as of 22:01, 22 February 2022
Source of Reference: The official Model Overview from the Office of the Under Secretary of Defense Acquisition & Sustainment.
Access Control (AC)
| Level 1 | Level 2 | Level 3 (TBD) |
|---|---|---|
| **AC.L1-3.1.1** *Authorized Access Control*: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). | **AC.L2-3.1.3** *Control CUI Flow*: Control the flow of CUI in accordance with approved authorizations. | |
| **AC.L1-3.1.2** *Transaction & Function Control*: Limit information system access to the types of transactions and functions that authorized users are permitted to execute. | **AC.L2-3.1.4** *Separation of Duties*: Separate the duties of individuals to reduce the risk of malevolent activity without collusion. | |
| **AC.L1-3.1.20** *External Connections*: Verify and control/limit connections to and use of external information systems. | **AC.L2-3.1.5** *Least Privilege*: Employ the principle of least privilege, including for specific security functions and privileged accounts. | |
| **AC.L1-3.1.22** *Control Public Information*: Control information posted or processed on publicly accessible information systems. | **AC.L2-3.1.6** *Non-Privileged Account Use*: Use non-privileged accounts or roles when accessing nonsecurity functions. | |
| | **AC.L2-3.1.7** *Privileged Functions*: Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs. | |
| | **AC.L2-3.1.8** *Unsuccessful Logon Attempts*: Limit unsuccessful logon attempts. | |
| | **AC.L2-3.1.9** *Privacy & Security Notices*: Provide privacy and security notices consistent with applicable CUI rules. | |
| | **AC.L2-3.1.10** *Session Lock*: Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity. | |
| | **AC.L2-3.1.11** *Session Termination*: Terminate (automatically) a user session after a defined condition. | |
| | **AC.L2-3.1.12** *Control Remote Access*: Monitor and control remote access sessions. | |
| | **AC.L2-3.1.13** *Remote Access Confidentiality*: Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. | |
| | **AC.L2-3.1.14** *Remote Access Routing*: Route remote access via managed access control points. | |
| | **AC.L2-3.1.15** *Privileged Remote Access*: Authorize remote execution of privileged commands and remote access to security-relevant information. | |
| | **AC.L2-3.1.16** *Wireless Access Authorization*: Authorize wireless access prior to allowing such connections. | |
| | **AC.L2-3.1.17** *Wireless Access Protection*: Protect wireless access using authentication and encryption. | |
| | **AC.L2-3.1.18** *Mobile Device Connection*: Control connection of mobile devices. | |
| | **AC.L2-3.1.19** *Encrypt CUI on Mobile*: Encrypt CUI on mobile devices and mobile computing platforms. | |
| | **AC.L2-3.1.21** *Portable Storage Use*: Limit use of portable storage devices on external systems. | |